﻿using System;
using System.Data.SqlClient;
using System.Data;
using System.Configuration;
using System.Web.Security;
using Planetwork.App_Code;

namespace Planetwork
{
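    /// <summary>
    /// Code-behind for the login page: sends visitors who already have a session on their way,
    /// checks credentials against the Account table, and resets a password by e-mail.
    /// </summary>
    public partial class Login : System.Web.UI.Page
    {
        public static string conStr = ConfigurationManager.AppSettings["conStr"];
        SqlConnection mycon = new SqlConnection(conStr);

        /// <summary>
        /// Sets the input placeholders and, on a first (non-postback) request from a visitor
        /// whose session already carries a name, tells them so and redirects them.
        /// </summary>
        /// <param name="sender">Event source supplied by ASP.NET.</param>
        /// <param name="e">Event data supplied by ASP.NET.</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            this.loginName.Attributes.Add("placeholder", "请输入您的用户名");
            this.loginPwd.Attributes.Add("placeholder", "请输入您的密码");

            if (Context.Session["Name"] != null && !IsPostBack)
            {
                // Exactly one script is written; the target is validated, never echoed raw.
                WriteAlertAndRedirect("你已登录!", GetSafeReturnUrl());
            }
        }

        /// <summary>
        /// Login: looks the account up by user name and password, and on a match stores the
        /// name in the session, issues the forms-authentication cookie and redirects.
        /// </summary>
        /// <param name="sender">Event source supplied by ASP.NET.</param>
        /// <param name="e">Event data supplied by ASP.NET.</param>
        protected void loginBtn_Click(object sender, EventArgs e)
        {
            // Invariant lower-casing: the user name is an identifier, not display text.
            string userName = this.loginName.Text.Trim().ToLowerInvariant();
            object matchedName;

            // NOTE(review): the query compares the submitted password with the UserPassword
            // column directly, so passwords appear to be stored unhashed. Moving to a salted,
            // slow hash (e.g. PBKDF2) needs a data migration and is out of scope for this page.
            // NOTE(review): nothing here limits repeated failed attempts; add throttling/lockout.
            using (SqlCommand lookup = new SqlCommand(
                "select UserName from Account where UserName = @userName and UserPassword = @password", mycon))
            {
                lookup.Parameters.AddWithValue("@userName", userName);
                lookup.Parameters.AddWithValue("@password", this.loginPwd.Text.Trim());

                mycon.Open();
                try
                {
                    // Only the user name is fetched; the password column never leaves the database.
                    matchedName = lookup.ExecuteScalar();
                }
                finally
                {
                    // Close even when the query throws, so the connection is not leaked.
                    mycon.Close();
                }
            }

            if (matchedName == null || matchedName == DBNull.Value)
            {
                WriteAlert("用户名或密码错误");
                return;
            }

            // NOTE(review): the session id is not reissued at login; consider rotating it
            // to rule out session fixation.
            Context.Session["Name"] = matchedName.ToString();
            FormsAuthentication.SetAuthCookie(userName, false);
            WriteAlertAndRedirect("登录成功!", GetSafeReturnUrl());
        }

        /// <summary>
        /// Password recovery: when the user name and e-mail match an account, stores a new
        /// random password for it and mails that password to the given address.
        /// </summary>
        /// <param name="sender">Event source supplied by ASP.NET.</param>
        /// <param name="e">Event data supplied by ASP.NET.</param>
        protected void resetPwdBtn_Click(object sender, EventArgs e)
        {
            string name = this.resetPwdName.Text.Trim();
            string email = this.resetPwdEmail.Text.Trim();
            int newPwd;

            // No catch-and-rewrap: failures propagate with their original type and stack trace.
            try
            {
                mycon.Open();

                bool accountFound;
                using (SqlCommand find = new SqlCommand(
                    "select ID from Account where UserName = @name and Email = @email", mycon))
                {
                    find.Parameters.AddWithValue("@name", name);
                    find.Parameters.AddWithValue("@email", email);
                    accountFound = find.ExecuteScalar() != null;
                }

                if (!accountFound)
                {
                    WriteAlert("用户名与Email不符");
                    return;
                }

                // NOTE(review): a six-digit value is a weak credential and this flow lets anyone
                // who knows a user name and e-mail overwrite that account's password. Prefer a
                // single-use, expiring reset link plus rate limiting on this handler and on login.
                newPwd = NewResetPassword();

                using (SqlCommand update = new SqlCommand(
                    "Update Account set UserPassword = @newPwd where UserName = @name", mycon))
                {
                    update.Parameters.AddWithValue("@newPwd", newPwd);
                    update.Parameters.AddWithValue("@name", name);
                    update.ExecuteNonQuery();
                }
            }
            finally
            {
                // Runs on every path, including the early return and any exception.
                mycon.Close();
            }

            string result = SendEmail.EmailSetting("Planetwork重置密码", "您的新密码是： " + newPwd.ToString(), email);
            if (result == "S")
            {
                WriteAlert("新密码已经发送到您的邮箱");
            }
            else
            {
                // The mailer's message is not under this page's control; encode it before
                // it is placed inside the script string.
                WriteAlert(result);
            }
        }

        /// <summary>
        /// Returns the ReturnUrl query value when it is a path on this site, else "Default.aspx".
        /// </summary>
        private string GetSafeReturnUrl()
        {
            string requested = Request.QueryString["ReturnUrl"];
            return IsLocalPath(requested) ? requested : "Default.aspx";
        }

        /// <summary>
        /// True only for a site-rooted path ("/..."): rejects empty values, scheme or
        /// protocol-relative forms ("//", "/\") and anything containing control characters.
        /// </summary>
        private static bool IsLocalPath(string url)
        {
            if (string.IsNullOrEmpty(url) || url[0] != '/')
            {
                return false;
            }

            if (url.Length > 1 && (url[1] == '/' || url[1] == '\\'))
            {
                return false;
            }

            foreach (char c in url)
            {
                if (char.IsControl(c))
                {
                    return false;
                }
            }

            return true;
        }

        /// <summary>
        /// Draws a six-digit number (100000-999999) from the cryptographic random generator.
        /// </summary>
        private static int NewResetPassword()
        {
            const uint range = 900000;
            // Values at or above this limit are redrawn so the modulo below stays unbiased.
            uint limit = uint.MaxValue - (uint.MaxValue % range);
            byte[] buffer = new byte[4];

            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                uint value;
                do
                {
                    rng.GetBytes(buffer);
                    value = BitConverter.ToUInt32(buffer, 0);
                }
                while (value >= limit);

                return (int)(100000 + (value % range));
            }
        }

        /// <summary>
        /// Writes a script block that shows <paramref name="message"/> in an alert box.
        /// </summary>
        private void WriteAlert(string message)
        {
            Response.Write("<script>alert('" + EncodeForScript(message) + "');</script>");
        }

        /// <summary>
        /// Writes a script block that shows <paramref name="message"/> and then navigates
        /// to <paramref name="target"/>.
        /// </summary>
        private void WriteAlertAndRedirect(string message, string target)
        {
            Response.Write("<script>alert('" + EncodeForScript(message) + "');window.location.href ='"
                + EncodeForScript(target) + "';</script>");
        }

        /// <summary>
        /// Escapes a value for use inside a quoted JavaScript string literal.
        /// </summary>
        private static string EncodeForScript(string value)
        {
            return System.Web.HttpUtility.JavaScriptStringEncode(value ?? string.Empty);
        }
    }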
}